Increasing Cache Hit Rates with Query String Sort

Optimized Performance: Increasing Cache Hit Rate

At CloudFlare, we care a lot about serving requests as fast as possible. Files can be served much faster when already in CloudFlare’s cache. Skipping the trip to the customer’s web server eliminates the latency of that connection and saves bandwidth from the connection between CloudFlare and the customer’s origin, and allows us to utilize the full speed of our ultra-fast servers.

By default, CloudFlare only caches static files. However, Page Rules can be utilized to set more files as cacheable. For more information on Page Rules, please see the Page Rules section of our knowledge base.

Items are cached by their full URL, including the query string. However, due to the details of how query strings work, this can lead to some cache misses. There is no RFC which defines that the order of query string arguments matters, but in some (rare) cases it does. Thus, by default, CloudFlare caches the following two requests separately:

https://example.com/a?color=red&word=hi
https://example.com/a?word=hi&color=red

Introducing Query String Sort

With a newly available Enterprise-level feature called Query String Sort, CloudFlare will first sort the query strings in a URL into a deterministic order before checking cache

Network Break 43

Network Break episode 43 looks at Cisco's OpenDNS acquisition, the OpenDaylight Lithium release, a global IT spending forecast, and Amazon's s2n open source TLS implementation.

Author information

Drew Conry-Murray

I'm a tech journalist, editor, and content director with 17 years' experience covering the IT industry. I'm author of the book "The Symantec Guide To Home Internet Security" and co-author of the post-apocalyptic novel "Wasteland Blues," available at Amazon.

The post Network Break 43 appeared first on Packet Pushers Podcast and was written by Drew Conry-Murray.

OwnCloud’s new encryption framework gives enterprises more flexibility

It’s no secret that security has been a tripping point for enterprises considering cloud storage, but OwnCloud on Tuesday took a fresh step toward alleviating such concerns with the addition of a new encryption framework. OwnCloud’s file, sync and share service offers an open-source and self-hosted alternative to platforms such as Box and Dropbox that’s designed specifically to allow companies to retain control of their data. Now, Encryption 2.0 gives users the ability to manage their own encryption keys in their enterprise key store. It also allows them to adopt the encryption standard of their choice and write a server app to meet their company’s unique encryption requirements.

Former attorney general calls Snowden deal possible

The “possibility exists” for the U.S. Department of Justice to cut a deal that would allow surveillance leaker Edward Snowden to return to the U.S., a former attorney general said in a media interview. Snowden, who leaked information about the National Security Agency’s surveillance programs, “spurred a necessary debate” about the collection of U.S. telephone records, former Attorney General Eric Holder told Yahoo News. The DOJ, however, hasn’t changed its official position on Snowden, a spokesman said. The DOJ wants Snowden to return to the U.S. from Russia and face criminal charges, the spokesman said by email.

Meraki Will Never Be A Large Enterprise Solution

Thanks to a couple of recent conversations, I thought it was time to stir the wireless pot a little. First was my retweet of an excellent DNS workaround post from Justin Cohen (@CanTechIt). One of the responses I got from wireless luminary Andrew von Nagy (@RevolutionWifi):

This echoed some of the comments that I heard from Sam Clements (@Samuel_Clements) and Blake Krone (@BlakeKrone) during this video from Cisco Live Milan in January:

During that video, you can hear Sam and Blake asking for a few features that aren’t really supported on Meraki just yet. And it all comes down to a simple issue.

Should It Just Work?

Meraki has had a very simple guiding philosophy since the very beginning. Things should be easy to configure and work without hassle for their customers. It’s something we see over and over again in technology. From Apple to Microsoft, the focus has shifted away from complexity and toward simplicity. Gone are the field of radio buttons

Researchers find previously unknown exploits among Hacking Team’s leaked files

Researchers sifting through 400GB of data recently leaked from Hacking Team, an Italian company that sells computer surveillance software to government agencies from around the world, have already found an exploit for an unpatched vulnerability in Flash Player. There are also reports of exploits for a vulnerability in Windows and one in SELinux, a Linux kernel security module that enforces access control policies. The flaws were supposedly used by the company’s customers to silently deploy its software on computers belonging to surveillance targets. Hacking Team was incorporated as HT in Milan and develops a computer surveillance program called Remote Control System (RCS), or Galileo. The system is sold to law enforcement and other government agencies from around the world, along with access to computer intrusion tools that are needed to deploy it.

Why certifications make me grouchy

While I support certifications, they also make me grouchy. Sometimes they make me really, really, grouchy, in fact — probably more grouchy than I have a right to be. You’ve probably heard the complaints a number of times.

For instance, there’s the problem of paper tigers, people who gain the certification but don’t have any real experience with the technology, or don’t really understand the technology. Paper tigers are bad, of course, but they’re generally easy to detect through a rigorous interview. In fact, paper tigers exist without the certification; it’s entirely possible for a solid resume to lead to a candidate that doesn’t have the skills advertised. Degrees don’t really prove much, either, and it takes four years to get one of those (in theory), so I don’t know how much whining about this problem — as real as it is — is going to help.

Tony Li had a counter to this — he used to sit with a candidate’s resume in hand asking questions, and lining through skills he didn’t think the candidate actually had. At the end of the interview, he would hand the resume back to the candidate and say, essentially, “there, I fixed it

The Upload: Your tech news briefing for Tuesday, July 7

Privacy group files FTC complaint to push Google to extend right to be forgotten to US

First they ignore you, then they laugh at you.... After a year of ridiculing a European court’s “right to be forgotten” ruling, it seems that some Americans at least are beginning to think it’s a good idea. The ruling required search engines to exclude certain pages containing personal information from their search results on request from the people concerned. Now Consumer Watchdog has asked the U.S. Federal Trade Commission to institute a similar right.

How to find cellular access when traveling (without international roaming)

My wife, two kids, and I just took a three-day trip to Vancouver, British Columbia, from our home in Seattle. Joining us were three laptops, two iPod touches, three Kindles, and two iPhones. We remembered to bring clothes and sunscreen, too. Traveling to Canada is just like going to another country—they have different currency and units of measurement, they spell “center” as “centre,” and they have different telecommunications companies. The variety of potato chips almost makes up for it. Before we left, I did my usual research into how we’d keep online. We knew the Airbnb rental to which we were going had Wi-Fi, and I assumed that the profusion of free Internet service I was used to in the States would be as abundant. We were staying near Stanley Park, and there are hundreds of shops, grocery stores, and restaurants within a few blocks.

OpenSSL tells users to prepare for a high severity flaw

Server admins and developers beware: The OpenSSL Project plans to release security updates Thursday for its widely used cryptographic library that will fix a high severity vulnerability. OpenSSL implements multiple cryptographic protocols and algorithms including TLS (Transport Layer Security), which underpins encryption on the Web as part of protocols like HTTPS (HTTP Secure), IMAPS (Internet Message Access Protocol Secure) and SMTPS (Simple Mail Transfer Protocol Secure). The project didn’t say which part of the library is affected, but high severity flaws in OpenSSL are usually a big deal, especially if they impact TLS.

Is Linux TCP/IP Stack Really That Slow?

Most people casually involved with virtual appliances and network function virtualization (NFV) believe that replacing Linux TCP/IP stack with user-mode packet forwarding (example: Intel’s DPDK) boosts performance from meager 1 Gbps to tens of gigabits (and thus makes hardware forwarding obsolete).

Having data points is always better than having opinions; today let’s look at the Receiving 1 Mpps with Linux TCP/IP Stack blog post.

2015-07-18: The blog post was updated based on feedback by Kristian Larsson.

It is time to drop the CCIE written

Back in 1993 the CCIE Cisco Certification, the first Cisco certification, was created and tested. Yes, the CCIE certification came years before the CCNA certification (1998) and thus Cisco needed a way to weed out candidates who were not ready for the CCIE lab exam.  What they came up with was a Written pre-qualification exam to show that […]

The post It is time to drop the CCIE written appeared first on Fryguy's Blog.

FBI chief warns that terrorists hide behind encrypted communications

U.S. Federal Bureau of Investigation Director James Comey has asked for a “robust debate” on encryption of communications, saying that the technology could come in the way of his doing his job to keep people safe. The recruitment and tasking of Americans by the group known as the Islamic State, or ISIL, is increasingly taking place “through mobile messaging apps that are end-to-end encrypted, communications that may not be intercepted, despite judicial orders under the Fourth Amendment.” “There is simply no doubt that bad people can communicate with impunity in a world of universal strong encryption,” he added. The op-ed in the Lawfare blog comes ahead of testimonies by Comey before the Senate intelligence and judiciary committees on Wednesday.

Worth Reading: Networking with Fish

It seems like just yesterday I was at CiscoLive in San Francisco asking people I had met on twitter about their experiences blogging as well as hosting a web page. Today? Last week marked the 1 year anniversary of “Networking With Fish”.

If anyone ever asks me why I write, or why I work so hard to draw other people into the larger networking world, I’ll point them to this post. One of the biggest goals of my life is to help people learn and grow. I’ll never become a millionaire in the process, but I’ll have a million friends, and that’s infinitely more important in the long run.

The post Worth Reading: Networking with Fish appeared first on 'net work.